Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of Imagination Technologies's MIPS group, in the past of other companies such as Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Sunday, March 12, 2017

Trying out Fitocracy - nah...

"Trying out a fitocracy group for a group of friends from fitbit and work who want to challenge each othr with more than steps."


Today I wasted an hour or so trying out http://fitocracy.com



Drawn to fitocracy because it seemed to be the site/app most focussed on a variety of workouts other than running/walking/steps/distance.



Fitocracy does have the ability to track exercises other than steps and distance. Supposedly more than 700 - "Most Popular 200" appears on your dashboard.  The exercises seem mostly gymrat weightlifting, generalized to things like walking, jiu-jitsu...  Or perhaps I should say "genericized" - the gymrat template of reps/sets is applied to most exercises.   Which can be a start, but is not always useful.  E.g. what does it mean to do "sets" of my 2 hour dog walk?   For which they allow me to record duration and distance, but not steps or vertical?



(One of the things that I would like to try challenges for is vertical, e.g. as measured by fitbit's altimeter, inaccurate as it may be.)



The fitocracy website seems to be like facebook, cranked up and cranky on steroids. This is not a compliment.  The website is loud, in your face, obnoxious. The visual equivalent of loud music playing while you pump iron.  Looks like it would like to be a dating site, probably with as much or as little success as gymrats have picking up girls in the weight room.  (I know, I was such a gymrat once.)



The killer for me seems to be that fitocracy doesn't have "percentage of goal" challenges (as I describe in ISO social fitness challenges beyond steps, which allows friends of different levels to usefully challenge each other).



fitocracy doesn't even allow competitions on absolute, albeit self-recorded, metrics like pushups.



Instead, fitocracy seems to compare "points", calculated by an annoying "FRED  robot glyph". Supposedly allowing comparisons - but in what sort of dimensionally warped unreality I do not know.  (I don't like NIKE "fuel points" either.)



Coupled to this, indicators of poor quality:



I entered my first not-really-a-workout, just a simple record of a hike (where fitocracy would NOT allow me to record vertical).   Fitocracy seemed to insert this more than 7 times into my stream - perhaps once for every group that I had joined? Or, rather, once for each of the groups that I had been automatically added to, in addition to those I chose.



Fitocracy seems to take the "default in, optional opt-out" approach.   Indicates desperation to build society - but in my case, repels me.



Having created the group that I hoped to invite my friends to, I noticed a misspelling - "othr" rather than "other".  Part of that hour was wasted trying fruitlessly to find a way to edit the group description.

    Once again, an indicator of a website designed in a rush.



As far as I can tell, fitocracy does not have any automated synch facility.  So you would have to enter workouts by hand.  (If it has automated synch, it is lost in all the UI crap.)



---



BOTTOM LINE:



  • I like that fitocracy can handle typical gymrat workout items
  • But fitocracy doesn't do %age of goal challenges
  • And so many other things about this site piss me off.
    • Not even going to bother with the iPhone app.
Overall, I have wasted too much time on fitocracy as it is.  Time better spent actually working out.


META-COMMENT:

I think that the difference between "challenge" and "competition" is an important indicator of mindset - whether of app, or the social milieu of an app or website.

"Competition" tends to imply absolute, who gets to be the winner.

"Challenge" tends to imply "we are all in this together".

















ISO social fitness challenges beyond fitbit

Some friends and I have been doing FitBit social fitness challenges for a while - I think more than a year now, possibly even two.

The social aspect has been effective, motivating us to do more than we were doing on our own.

We find the "Daily Goal" challenge most useful - what fraction of your daily goal did you get? -  since we have different levels of activity, ranging from circa 10K steps, to 15K+, to a treadmill desk user who usually gets 20K and often 30-40K steps.  Absolute step count challenges are boring when users are that different, but these relative "I got 150% of my goal :-)" vs "I only got 50% of my goal" are okay.

But - there's more to exercise than walking and counting steps.  Or even running and counting steps.

Some of us like swimming.  Others badminton.  Some aspire to do more weights, others yoga.   Calisthenics, pushups, squats, ...

So I am looking for social fitness platforms that have more variety.

Friday, March 10, 2017

Bundle (macOS) - Wikipedia

Bundle (macOS) - Wikipedia:



Many years ago (like, in the 1980s) folks at Gould and UIUC were wondering if we should extend Gould UNIX to support "structured files", like Macintosh resource forks.



Way back then I said "No, UNIX already supports structured files: directories." With arbitrary metadata.



Similarly, in a newsgroup discussion on a similar topic - long enough ago that it was net.* - Chris Torek was involved IIRC - it was pointed out that a tar archive is a structured file, equivalent to a directory.



This is well and good.



MacOS bundles are this concept, carried forward.  MacOS bundles are visible to ordinary UNIX apps as directories, but if you have the appropriate libraries they behave as structured files.



But if you don't have the right libraries, it is easy to damage such "bundles = structured files are directory trees". Tools like "find" traverse into them, etc.



Document formats such as Java JAR files and OpenDocument .odt/.odf files continue the "structured files are archives" meme. Using ZIP, in this case, because ZIP was commonly available on Windows PCs, even though zip does not support as much UNIX metadata as tar files do.



It is harder to accidentally damage such a "structured files are archives" file. Standard UNIX tools don't look inside.



If you have a user level filesystem like FUSE, you can look inside the archive by mounting it, and use standard tools to manipulate it.



Heck - I wish that .git and .hg storage in repositories worked this way.



But archives are slower to manipulate than directory trees.



I want the best of both worlds - and better.



I want it to be transparent whether "structured file is directory tree" or "structured file is archive".



I want such a structured file to appear as a file (no internal structure) by default.



Possibly with a default data fork.



But I want it to be possible to "mount" such a structured file, whether directory tree or archive, so that standard tools can traverse.  Such a mount should not be global, but user, or better, context specific.  A la Plan9 namespace.



Special privilege should be required.  (No, not kernel, but not any user.)



This way we could distinguish between users and tools that just know how to copy or open the structured file "atomically", and those allowed to do more major surgery.










Friday, February 10, 2017

All your backups are about to be deleted... [Apple Time Machine]

Time Machine completed a verification of your b... | Official Apple Support Communities: "Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you."
This sucks.



Not so much because of the failure - things go bad, and Apple's Time Machine, which seems to be the moral equivalent of a hardlink farm for snapshots, as so many UNIX systems have, is an especially vulnerable format.



More because, AFAIK, there is no Apple Time Machine way to create a second backup or third backup.



Yeah, yeah, I know: the 3-2-1 Backup Rule, 3 copies, 2 formats, 1 off-site. Fortunately, in addition to Time Machine, I have also been using CrashPlan.



At least I am glad that Apple Time Machine / Time Capsule does verification passes, even if the recovery deletes all backups. Google finds many examples of "I thought that I was all backed up using Time Machine, but when I tried to restore, the backup was reported to be corrupt." I hope that CrashPlan does proper verification.  That's what we pay such companies to do.


Tuesday, February 07, 2017

Focus stealing makes me less efficient at work !!!

Krazy Glew's Blog: Monday, February 15, 2016: "I can't believe that focus stealing is still the state of the art.  It causes bugs.  Accidental corruption and destruction of data. And it can be a security hole."
Add to this, something I just realized: focus stealing makes me much less efficient at work, because it makes switching to another task dangerous.

I do a lot of work that involves running background jobs scripting otherwise interactive apps.  FrameMaker today.

I like being able to monitor the progress of such apps by leaving them open in a window on a different display, so that I can watch them out of the corner of my eye.

I would love to be able to do something else while these long running apps run - e.g. read email.  Unfortunately, if the app steals focus, then what I am typing into an email sometimes gets inserted into the app.  BAD!!!

So, for more than a year - I blogged about this in Feb 2016 - I have NOT been able to switch to my email program while these scripts run, for 5, 10, 15 minutes, sometimes more.

Worse:  some time before this, IT disabled VPN access from mobile devices. Unfortunately, the only iPhone email programs that I can stand using - Triage, to which I have recently added Sift - do not use ActiveSync, only IMAP.

So, basically, I have been crippled keeping up with company email for the last year or more.

I only realized this because IT recently gave me VPN access.  And all of a sudden I am keeping up with email again, reading it when the GUI focus stealing scripts are running.

---

I used to be able to blog while such apps were running - but haven't been able to do that with this focus stealing crap.  At least not using blogger - I don't think the "Blog This" Chrome extension is available on my iPhone.

Ditto anything, like web browsing.  Pretty much I had to leave my MacBook idle except for the "should be background" app, because of frigging focus stealing.

---

Usable phone or tablet apps allow some such task overlap.   But I still find it darned hard to write anything more than a few words on those devices.

Perhaps if I had a second laptop, or a desktop I could switch to.

You might hope that a virtual machine might work - unfortunately, the way I have configured Parallels, "Coherent", means that Windows apps steal focus from MacOS apps, and vice versa.

---

Always scripting such apps to "open -g" is unsatisfactory.  I *want* the app to pop onto its screen - essentially a notification - but without stealing keyboard or mouse focus.

Oh for the old XWindows twm "click to focus" behavior.

Friday, February 03, 2017

Password HELL: "work is low security"

The Register has an amusing series BOFH (Bastard Operator From Hell): this post Password HELL resonated:
"I'll just need your username and password to verify this," the customer rep tells me.
No, this is not another "Never give out your password" post.

What amused me was later:
"Banana47" I lie. "Capital B"
I hear a clicking sound and then:
"No, that password doesn't seem to work."
So at least it's not a ploy to shut me out permanently...
"Hmm. I'll need to look at my password book."
"You... have a password book?" he asks.
"Of course I do! Encrypted, obviously – because I'm an IT professional. What, do you think I just have one password which I use for everything?"
"No, I'm not suggesting that."
"A good thing too, because I have three passwords I use for everything – Low, Medium and High Security."
"And I'm assuming that this is low security?"
"No, work is low security, this is medium and all the personal stuff I care about is high."
"Work is LOW?!" he gasps.
Have you noticed this?

I use long high entropy passwords for my personal stuff.

As a conscientious employee, I would like to use a high entropy password for work. But often IT gets in the way:
  • The only way I can handle a really high entropy password is using a password manager. There is no way that I can remember 24 characters of [a-zA-Z0-9[:punct:]]{20,24}; heck, I can barely type that many characters reliably. Yeah, gotta use copy&paste, or insert from a password manager.  (I hope those are secure!)
  • But IT often wants me to enter my password into places where password manager insertion or copy&paste doesn't work.  E.g. these convenient ways of entering high entropy passwords did not work, for a long time, on some browsers (usually Corporate IT standard browsers) for HTTP Basic Authentication. E.g. similarly for Cisco VPN tools.  (Although mostly fixed now.)
  • IT single sign on systems sometimes enforce lowest common denominator passwords: e.g. if some system only allows 14 character passwords, all are restricted.  Worse if it is a password replication system.
  • If you still want to use a high entropy password despite such problems, i.e. so that you have to memorize it, then IT policies like "passwords must be changed every 90 days" get in the way. How many of us increment a version number in a password?  "Password change policies can weaken security" is now a meme.
  • Many systems prevent you from reusing one of the last N passwords.  That's okay - they can compare hashes.  But trying to prevent incrementing patterns like HighEntropy.0342, HighEntropy.0442 if you have proper password security. Homomorphic encryption, anyone?
  • Corporate IT systems seem to require passwords to be entered much more often.  E.g. in my company I have to enter my password for VPN whenever I close and then reopen the lid of my laptop, disconnecting from wifi. (I wish there was hysteresis here - e.g. don't disconnect from wifi/VPN for a few minutes, or while I am still in building.)  Often, e.g. every morning and lunch, I have to enter the same password back to back for VPN and then for Perforce (the centralized version control tool).  And then often again for VNC or an emacs shell session. At least not so much for web pages, given a password manager.   Password manager insertion works for some, but not all.  Copy&paste of passwords works for some, but not all. Ironically, secure copy&paste of passwords often means that the password is erased immediately on pasting, so that it is not left around for a bad guy to look at. (Better to have some sort of indication of timeout, and/or some sort of indication of who the password can be pasted into, and/or a notification like "Are you SURE you want to paste this password into this phishing webpage text box?") So, while I am willing to use hopefully secure copy&paste for passwords that I only enter once in a while, it can be too much of a slowdown for passwords that must be frequently entered.  So I memorize them.  And probably simplify them to make them easy to memorize.  Password friction frequency erodes entropy.
  • Late addition, after original post, but probably one of the biggest factors leading to weak work passwords:  my company's "password failure" policy is "3 tries, and you are locked out for 30 minutes". Compare to iPhone "6 tries => 1 minute lockout".  (iOS 7 reported as 6=>1minute, 7=>5, 8=>15, 9=>60, 10=>lock/iTunes/erase; I don't know if iOS10 does that). A weaker password for work is encouraged by the more immediate & steeper penalty for typing a bad password compared to the iPhone - although the work password penalty curve levels off, there is no equivalent of "erase everything".
Other places where that last point applies:  
  • iPhone: whereas on Android password managers can look at webpages and apps and supply passwords, it is harder to do so on iPhone. At least iPhone now mostly allows password copy&paste, and seems to have some security features like use-once. But still, has anyone else noticed that iOS encourages you to have weaker passwords?
Finally,
  • Two Factor Authentication is a darn good thing for security - ok, SMS text messages can be hacked, and I dislike time-based things like Google Authenticator. But how many Corporate IT departments support it?
This may be considered an example of your most important passwords are probably your weakest, which I have posted about before.  This is why I like this BOFH saying "work passwords are low security", even if in mockery or ironically.  My employer would probably LIKE me to create high security passwords for work. But IT gets in the way.
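
The password-history point above (exact reuse is detectable from stored hashes, incrementing patterns are not) as an added Python example that is not part of the original post. It assumes PBKDF2 with per-entry salts as the storage scheme and goes one step beyond the post: during a change request the server briefly holds the new plaintext, so it can hash single-digit variants of it against the old salts. The function names, the sample history and the reduced iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # demo cost so the example runs quickly; real deployments use far more


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(password):
    """Store only (salt, digest); the plaintext is discarded."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def in_history(candidate, history):
    """True if candidate hashes to a stored entry, i.e. exact reuse."""
    return any(
        hmac.compare_digest(hash_password(candidate, salt), digest)
        for salt, digest in history
    )


def digit_neighbours(password):
    """Yield every string that differs from password in exactly one digit."""
    for i, ch in enumerate(password):
        if ch in "0123456789":
            for d in "0123456789":
                if d != ch:
                    yield password[:i] + d + password[i + 1:]


def check_new_password(new, history):
    if in_history(new, history):
        return "rejected: exact reuse"
    # Salted digests of similar passwords are unrelated, so similarity cannot
    # be read off the stored history. The server can only guess likely
    # predecessors of the new plaintext and hash each guess.
    if any(in_history(n, history) for n in digit_neighbours(new)):
        return "rejected: one digit away from an old password"
    return "accepted"


# Constructed sample history using the pattern from the post.
HISTORY = [make_entry("HighEntropy.0342"), make_entry("Unrelated-Old-Passphrase")]

if __name__ == "__main__":
    for pw in ("HighEntropy.0342", "HighEntropy.0442", "HighEntropy.1442"):
        print(pw, "->", check_new_password(pw, HISTORY))
```

Each guessed neighbour costs one key-derivation per history entry, and a change that touches two digits still passes, which is why this only narrows the gap the post describes.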


Friday, January 27, 2017

Google Voice Bug Helps Me Get Fit :-(

Is Google Voice living or dying?  Who knows.

It has long standing bugs, such as not providing a correct count of messages in its icon badge:
Google Voice iOS notifications not working for new voicemail - Google Product Forums: "Google Voice iOS notifications not working for new voicemail"
Until today, I thought that the problem was that I was following the Google "archive, not search" approach.  And also that I forward SMS text messages from Google Voice to my iPhone, where I handle them in Messenger, so historically have not gone to Voice to delete or archive them there.  I even thought that this might be a feature, since the iPhone Messenger app has no archive feature - if you want to have an uncluttered screen, ya gotta delete them iPhone messages!

But for some reason today I thought that I might try to actually use Google Voice, enabling its badge count, etc.

PROBLEM: my Google Voice badge count is stuck at 1,168.

So, I thought that I might try to archive all of my Google Voice, emptying the Inbox.

PROBLEM: Google Voice has no easy way to manage large numbers of messages all at once.  It only allows you to handle one screenful at a time.

In the past I might have handled this with AppleScript.   But macOS Sierra has gotten stricter about allowing "accessibility" apps to send keystrokes and mouseclicks and read the screen.  So my old scripts don't work, and since I am switching from Mac back to PC, I did not want to spend time learning how to make them trusted.

THEREFORE, I decided to do it by hand.

Well, not quite.  I created a keyboard macro that allowed me to select and archive or delete a screenful of Google Voice messages with one button press.  And then I started dancing in front of my computer, repeatedly pressing the button.

I created the button using Quadro, a "User Interface Extension" that runs on iPhones and iPads, and allows you to create buttons that execute short sequences of osascript commands or keyboard shortcuts.

PROBLEM: Quadro cannot send mouseclicks.  AutoHotKey on a PC can, but I didn't go there.

So I danced.  Why "dancing in front of my PC"?

Well, I'm a FitBit addict.  I needed my steps.  I could not walk around while doing this, but I could stand in front of my PC, hold my iPad in my hands, and press the button while watching the screen, re-pressing every time a screenful of messages was selected and Archived.

PROBLEM:  the Gvoice badge count was not the Inbox count.  Nor the Unread count.  Nor the missed count.  Nor...

By this time, I was getting stubborn.  So I first archived, and then when that did not work I deleted, every single Google Voice message. In every folder or category.

I am happy to say I got my steps in. More than 4000 steps.

Unfortunately, with my Google Voice account totally empty, I still see 1,168 on the Google Voice badge count.

Uninstall, reinstall.  Reboot.

Ah, that did it.

So now my Google Voice account is absolutely empty.

And I reached my step goal for the day.

:-)

?

---

But it sucks that this app, like so many Google products, has an absolutely lousy user interface for any "maintenance" tasks like this.